CUs Need to Look to Monitoring to Prevent Large Breaches

Recently, thousands of employees at the Iowa racing and gaming commission had records with their names, birth dates and social security numbers compromised when a hacker broke into the commission's server.

According to early reports, the breach was caused by changes in configuration. Michael Maloof, chief technology officer at TriGeo Network Security, said that this is the most common way hackers get into systems to steal secure information.

Phil Neray, vice president of security strategy at Guardium, said that criminals now have automated tools that allow them to search for vulnerable Web sites. Maloof added that over the last six to 18 months the trend has been to target smaller companies and institutions.

"We're all under attack, but if you have a weakness, it will be exploited," Maloof said.

Maloof said that the best ways to prevent a breach like the one in Iowa from happening at a credit union is to document all changes make to the system and to make sure a monitoring system is in place.

"Even the most sophisticated systems make mistakes, so it comes down to monitoring. It's not if but when you are attacked, and how fast you can detect it and respond."

Neray said for smaller institutions, like credit unions, that may not have the manpower to dedicate to detailed monitoring than technology is the answer.

"Technology can automate the monitoring processes and analysis so it reduces the need for more people and also address compliance challenges. Having someone manually assembles compliance reports is a huge burden and technology can streamline that."

Neray cited a recent breach a regional bank in Texas were criminals made transfers to accounts in Europe.

"You need to go beyond the traditional firewalls. A larger bank has controls in place that would prevent those types of transactions from happening."